Confirm your token is a security under the relevant legal test, choose a jurisdiction and offering pathway — full registration, qualified-investor, or small-offers exemption — then select a tokenization model that sets how ownership, capital, and investor rights are structured.
This phase is where a tokenization strategy becomes a defensible offering. Before a single token is issued through Stobox Compass, you settle two questions that govern everything downstream: how your asset is classified under securities law, and which offering pathway and tokenization model you will run. Get these right and the rest of the journey — smart-contract logic, investor disclosures, legal structuring, secondary-market eligibility — has a solid foundation. Get them wrong and no amount of engineering fixes it.
The work here divides into two connected tracks. First, regulatory clarity: confirming your token is a security, understanding the legal test each jurisdiction applies, and mapping the registration or exemption pathway you will use. Second, the tokenization model: the commercial structure that determines how your tokenized asset delivers value to investors — how ownership is structured, how capital flows, and what rights token holders receive. Take your time with both. The decisions you make here form the foundation of your Security Token Offering (STO).
Note: This page is educational reference for issuers and their counsel — it is not legal advice. Securities classification and offering exemptions turn on jurisdiction-specific facts. Confirm your structure with qualified securities counsel in every market where you intend to raise.
Importance of Securities Classification and Regulatory Clarity
Proper classification of your tokenized asset as a security — and operating within a clear regulatory framework — is not a legal formality. It is the foundation of a legitimate, scalable, and investor-ready offering.
Security tokens are digital representations of ownership, debt, or investment contracts. As such, they are governed by financial regulations that exist to protect investors, ensure market integrity, and create enforceable legal rights. The sooner a project embraces this regulatory structure, the more effectively it can scale across jurisdictions, attract capital, and earn long-term market credibility.
Key Benefits of Proper Classification
Ensures legal and regulatory compliance. Classifying your token correctly places you under the right legal framework — securities law, prospectus regulation, or a private-placement exemption. This avoids unintentional violations that could trigger legal challenges or regulatory enforcement, and it aligns your offering with the requirements of regulators such as the SEC (U.S.), ESMA (EU), the FCA (UK), or FINMA (Switzerland).
Mitigates legal and operational risk. A token issued without proper legal classification may be deemed an unregistered security, exposing issuers to penalties, investor lawsuits, and forced refunds. Regulatory clarity lets you issue, trade, and manage tokens without fear of retroactive enforcement.
Enhances investor confidence. Institutional and accredited investors require legal certainty before participating. When a security token is properly classified and either registered or validly exempt, investors know their rights are enforceable — and transparency materially boosts credibility.
Enables cross-border market access. Jurisdictions that provide clear legal definitions and regulatory paths for tokenized securities open the door to multi-jurisdictional distribution, passporting, and listing. A well-structured STO can launch under compliant frameworks such as Reg D / Reg S (U.S.), prospectus exemptions (EU), or MiFID II-aligned structures.
Supports secondary-market liquidity. Only legally compliant tokens are eligible for listing on regulated venues and Alternative Trading Systems (ATS). Without proper classification, tokens risk remaining illiquid or being delisted from compliant platforms.
What STO Regulations Cover
Security Token Offerings are not unregulated token sales like many early ICOs. They fall under securities law in every jurisdiction where they are offered — issuing an STO is legally equivalent to offering traditional financial securities, and carries the same investor-protection, disclosure, and oversight obligations. Non-compliance can carry serious civil and, in some jurisdictions, criminal liability.
| Regulatory area | Purpose |
|---|---|
| Securities classification | Determines whether a token is a security under the law |
| Offering registration / exemption | Requires the issuer to register or file under a legal exemption (e.g. Reg D, Reg S) |
| Disclosure & documentation | Mandates legal documents such as prospectuses or private-placement memoranda |
| KYC / AML | Requires identity verification to prevent fraud and illicit financing |
| Transfer restrictions | Prevents unauthorized trading or sales outside permitted jurisdictions |
| Trading-venue licensing | Requires tokens to trade on regulated venues (ATS, MTF) |
| Custody & investor records | Ensures safekeeping of tokenized assets and accurate holder tracking |
| Tax & reporting | Obligates issuers to comply with taxation and financial-disclosure rules |
Compliance is foundational. It bridges blockchain innovation and traditional finance, protects both issuers and investors, and is what makes scalable, cross-border tokenized markets possible.
Legal Tests for Securities Classification
Legal tests for securities classification are the judicial and regulatory criteria used to determine whether a financial instrument or digital asset qualifies as a “security” under the law. This matters because securities are subject to strict rules on issuance, trading, disclosure, investor protection, and licensing. If an instrument is a security, its issuance, distribution, and trading must comply with securities law — through registration or a valid exemption.
The four frameworks below are the ones that most often govern Stobox issuers. For deeper jurisdiction-by-jurisdiction detail, see the jurisdiction guides.
European Union — MiFID II and MiCA
In the EU, the classification of tokenized assets is primarily governed by two frameworks that operate side by side.
MiFID II (Markets in Financial Instruments Directive II). Security tokens that meet the definition of a financial instrument — shares, bonds, derivatives, or units in investment funds — fall under MiFID II and are treated like traditional securities. They must comply with licensing and authorization requirements, investor-protection and suitability rules, prospectus and disclosure obligations, and reporting, custody, and market-conduct standards. Issuers, brokers, and trading platforms must operate under appropriate permissions within the EU or via passporting across member states.
MiCA (Markets in Crypto-Assets Regulation). MiCA provides a harmonized framework for non-security crypto-assets — utility tokens, asset-referenced tokens, and e-money tokens — and for Crypto-Asset Service Providers (CASPs). MiCA’s provisions for asset-referenced and e-money tokens applied from 30 June 2024, and the regulation became fully applicable for CASPs from 30 December 2024. Critically, MiCA does not apply to crypto-assets already classified as financial instruments under MiFID II — it fills the gaps for digital assets previously outside the scope of EU financial law.
The dividing line for issuers: if a token represents ownership, profit rights, debt, or investment exposure, it is likely a security under MiFID II and must comply with those obligations in full. Only non-security tokens fall under MiCA. Proper classification is essential for lawful issuance, trading, and investor onboarding across the EU.
United Kingdom — FCA
The Financial Conduct Authority (FCA) classifies digital assets as either regulated or unregulated tokens. Security tokens are regulated tokens, because they confer rights akin to traditional financial instruments — shares, debt instruments, or units in a collective investment scheme — and therefore fall within existing UK securities legislation and financial-promotion rules.
Key compliance requirements for security tokens in the UK:
- Must be issued and marketed in accordance with UK financial-services regulations.
- May require approval or exemption under the UK Prospectus rules or the Financial Services and Markets Act (FSMA).
- Issuers and distributors may need to be authorized or registered with the FCA.
- Investors must receive appropriate risk disclosures and offering documents, and may be restricted by classification (retail vs. professional).
The UK does not yet have a bespoke legislative regime for tokenized securities; the FCA applies existing law so that blockchain-based instruments meet the same standards as traditional assets. Issuers offering security tokens in or from the UK should engage qualified counsel to confirm structure, marketing, and offering terms.
United States — SEC and the Howey Test
In the U.S., classification is governed by the Securities and Exchange Commission (SEC), which applies the Howey Test — derived from a 1946 Supreme Court decision — to determine whether a digital asset is a security. A token is a security if it satisfies all four prongs:
- Investment of money — a contribution of capital or other value by investors.
- Common enterprise — the investment is pooled or relies on a shared project or entity.
- Expectation of profit — investors anticipate income, appreciation, or distributions.
- Efforts of others — that expected profit is driven primarily by the efforts of the issuer or project team.
If a token meets the Howey Test, it must either be registered with the SEC (e.g. an S-1 public offering or a qualified Regulation A+ offering) or issued under a valid exemption — Regulation D (private placements to accredited investors), Regulation S (offshore offerings to non-U.S. investors), Regulation A+ (tiered exemptions with raise caps), or Regulation CF (crowdfunding with limits). Issuers must also implement investor disclosures, transfer restrictions, KYC/AML, and secondary-trading compliance such as ATS listing.
The practical reality: the vast majority of tokens offering ownership, profit participation, or debt repayment are securities in the U.S. If yours meets the Howey Test, structure and offer it in full compliance to avoid enforcement, investor claims, and penalties.
Switzerland — FINMA
The Swiss Financial Market Supervisory Authority (FINMA) classifies tokens by their economic function rather than by creating new legal categories, mapping each token onto Switzerland’s established financial and securities frameworks. FINMA recognizes three primary types:
- Payment tokens — a means of exchange or payment (e.g. Bitcoin, Litecoin); not tied to a project or claim on an issuer. Typically outside securities regulation but subject to AML law.
- Utility tokens — provide access to a digital application, platform, or service, and must serve a genuine utility function at issuance. May be unregulated if they carry no investment characteristics.
- Asset tokens (security tokens) — represent ownership, debt claims, or economic-participation rights; functionally similar to stocks, bonds, or derivatives, and regulated as securities under Swiss law.
Tokens with overlapping characteristics (utility plus investment return) may be treated as hybrids, in which case the stricter regime applies. Where a token is an asset token, it triggers securities-law disclosures, KYC/AML and investor onboarding controls, potential licensing for issuance, custody, or secondary trading, and prospectus filing or exemption under the Swiss Financial Services Act (FinSA). In practice, most tokenized equity, real estate, debt, or revenue claims are asset tokens; issuers must align with FinSA, FinIA, and AMLA obligations where applicable. In 2021 Switzerland’s DLT Act made it one of the first jurisdictions to legally recognize DLT-based securities and blockchain-native trading venues.
STO Offering Regulations by Jurisdiction
Once a token is confirmed to be a security, the next decision is the offering pathway: whether to run a fully registered public offering, use a qualified- or professional-investor exemption, or use a small-offers exemption. Each pathway trades reach against cost and compliance burden. The four jurisdictions below are the primary hubs Stobox issuers use; the same three-way logic — full registration, qualified-investor, small offers — recurs across all of them.
United States (SEC)
The SEC is the most influential and assertive securities regulator globally, treating most tokens with investment and profit expectations as securities under the Howey Test. Beyond a full S-1 registration, issuers most often use one of the following exemptions.
| Pathway | Who can invest | Raise cap (12 mo.) | Key conditions |
|---|---|---|---|
| Reg D — Rule 506(b) | Accredited investors + up to 35 non-accredited | No limit | No general solicitation; requires a prior relationship with investors |
| Reg D — Rule 506(c) | Accredited investors only | No limit | Public solicitation allowed, but all investors must be verified as accredited |
| Reg S | Non-U.S. investors only | No limit | Offshore transactions; cannot target or resell to U.S. persons during the distribution-compliance period (often one year) |
| Reg A+ Tier 1 | Retail + accredited | Up to $20M | SEC qualification required; may require state “blue sky” registration |
| Reg A+ Tier 2 | Retail + accredited | Up to $75M | SEC qualification, offering circular, audited financials, and periodic reporting |
| Reg CF | Retail + accredited (crowdfunding) | Up to $5M | Conducted via a registered funding portal or broker-dealer; per-investor limits apply |
Reg D is the workhorse for private, institutional, and high-net-worth raises: no registration, but a Form D must be filed within 15 days of the first sale, and anti-fraud and material-disclosure duties still apply. Reg S opens international markets while avoiding SEC registration, provided you comply with the rules of each target country. Reg A+ is a “mini-IPO” for issuers who want broad public participation and larger caps at the cost of more compliance work. Where issuers run more than one exemption at once (e.g. 506(b) alongside Reg S), they must manage the SEC’s integration rules carefully.
European Union (ESMA)
The European Securities and Markets Authority (ESMA) sets the rules and interpretations that national regulators apply. It has confirmed that security tokens are financial instruments under MiFID II, subject to the full scope of EU financial-services law — the Prospectus Regulation, MiFID II / MiFIR, the Market Abuse Regulation, and the Anti-Money-Laundering Directives. ESMA also has a central role in supervising MiCA, which is fully applicable for CASPs from 30 December 2024, covering CASP registration, cross-border offering rules, and whitepaper and disclosure standards for non-security tokens.
| Pathway | Who can invest | Raise cap (12 mo.) | Key conditions |
|---|---|---|---|
| Full prospectus (Reg (EU) 2017/1129) | Retail + professional | No limit | Prospectus approved by a national authority (e.g. BaFin, AMF, CNMV); passportable across the EEA; ongoing reporting |
| Qualified-investor exemption | Professional investors & eligible counterparties only | No limit | No prospectus required; issuer must categorize and document investor qualification under MiFID II |
| Small-offers exemption | Retail + professional | €1M mandatory EU-wide; up to €8M where the member state sets a higher threshold | No prospectus at the EU-wide level, but local filings may apply; thresholds vary by member state |
Full prospectus registration gives maximum reach — once approved in one member state, the prospectus is passportable across the entire EEA — at the cost of detailed disclosure, translation, and ongoing reporting. The qualified-investor exemption removes the prospectus requirement for offerings limited to professional investors and allows unlimited fundraising. The small-offers exemption suits startups and moderate raises: the prospectus exemption is mandatory EU-wide at €1M over 12 months, and member states may raise the threshold up to €8M (many set €5M or €8M) — so always confirm the exact ceiling and any local filing obligations in each target member state.
United Kingdom (FCA)
The FCA takes a balanced, pragmatic approach, applying existing FSMA and UK Prospectus rules to security tokens rather than a bespoke regime. The three pathways mirror the EU structure.
| Pathway | Who can invest | Raise cap (12 mo.) | Key conditions |
|---|---|---|---|
| Full registration (public offering) | Retail + professional | No limit | Full prospectus prepared and approved by the FCA; ongoing reporting; marketing must match the approved prospectus |
| Qualified-investor exemption | Institutional, professional clients, and high-net-worth individuals | No limit | No prospectus; issuers must categorize all investors; no marketing to retail |
| Small-offers exemption | Retail + professional | Up to £5M | Prospectus-exempt under FSMA / UK Prospectus rules; simplified offering documents; promotion via an authorized person; FCA financial-promotion rules apply |
Full registration maximizes reach and investor confidence for large public offerings. The qualified-investor exemption lets issuers raise unlimited capital from experienced investors with minimal registration burden, provided nothing is marketed to retail. The small-offers exemption is a streamlined, cost-effective route for smaller raises that still include retail investors, subject to clear risk disclosures and FCA financial-promotion compliance.
Switzerland (FINMA)
FINMA offers one of the world’s most mature and business-friendly frameworks for tokenized securities, backed by the DLT Act. Asset tokens are regulated as financial instruments, and offering pathways run under FinSA.
| Pathway | Who can invest | Raise cap (12 mo.) | Key conditions |
|---|---|---|---|
| Full registration (public offering) | Retail + professional | No limit | Full prospectus reviewed and approved by a Swiss review body before sale; ongoing reporting; marketing must match the prospectus |
| Qualified-investor exemption | Institutional, professional clients, and high-net-worth individuals | No limit | No prospectus; issuer must maintain records proving qualified-investor status; no retail marketing without an approved prospectus |
| Small-offers exemption | Retail + professional | Up to CHF 8M | No full prospectus; basic transparency and anti-fraud rules apply; a local authorized representative may be required |
Full registration provides maximum reach and investor confidence for large public raises. The qualified-investor exemption enables fast, flexible fundraising from experienced investors with reduced regulatory burden. The small-offers exemption (up to CHF 8M over 12 months under FinSA) is well suited to startups and moderate raises while keeping compliance costs low.
Global Investor Outreach
When targeting investors outside the major hubs — the U.S., EU, UK, and Switzerland — issuers face diverse and often fragmented legal landscapes. Global outreach can meaningfully expand your investor base, but it also expands your responsibilities: you must understand the local law of every country where you market or sell tokens.
Why pursue global outreach
- Larger, more diverse investor base. Reaching global markets — especially regions with high investment demand or fast-growing blockchain adoption — can materially increase the size of your raise.
- Access to specialized investors. Crypto-friendly jurisdictions (e.g. Singapore, the UAE) and high-net-worth communities (e.g. Hong Kong) often already understand blockchain-based instruments, lowering the barrier to participation.
- International presence. A globally marketed STO positions your project as a serious player, builds brand credibility, and can open strategic partnerships and local-market access.
Because tokenization is global by nature — blockchain assets can be owned and transferred across borders — a multi-jurisdiction strategy also diversifies away from dependence on any single market.
The challenges
- Fragmented regulation. Every country has its own securities law, investor-protection standards, and compliance requirements. Some (Singapore, the UAE) are supportive but demand strict licensing and disclosure; others (e.g. China) impose severe restrictions on blockchain-based assets.
- Issuer responsibility. You are fully responsible for compliance in every jurisdiction where you market or sell. You must verify that the offering meets local requirements and that each investor is eligible.
- Cost and complexity. Outreach often means translating offering materials, engaging local counsel, and managing filings in multiple countries — adding time and cost to the raise.
A structured approach
- Identify target markets. Prioritize by investor demand, local blockchain and crypto adoption, and regulatory posture (crypto-friendly vs. restrictive).
- Research local securities law. Determine whether tokenized assets are securities there, whether a prospectus or equivalent disclosure is required, what marketing and solicitation restrictions apply, and what the filing obligations are.
- Verify investor eligibility. Most jurisdictions restrict who can participate — retail investors may face caps and enhanced disclosures, while accredited/professional investors need status verification. Run thorough KYC/AML against each jurisdiction’s criteria.
- Localize offering materials. Translate documents, adjust disclosures to local standards, and highlight market-specific risks (for example, materials for Japan must meet the disclosure and filing standards of the Financial Services Agency).
- Engage local legal advisors. Local counsel handle filings, interpret regional nuances, and help you avoid pitfalls.
Important: In a global STO, the issuer assumes full responsibility for compliance in every jurisdiction where the offering is made. You must ensure the offering meets each country’s legal requirements and that investors are eligible under their local law — violating a jurisdiction’s rules can carry fines or bans from operating there. Stobox’s team can help integrate verified data sources and structure a compliant multi-jurisdiction offering, but this coordination does not replace qualified local counsel.
Global outreach is a powerful strategy, but it rewards careful planning, local expertise, and a genuine commitment to compliance across every market you enter.
Select the Tokenization Model
With classification and offering pathway settled, you choose the tokenization model — the commercial structure that defines how your tokenized asset delivers value. Each model reflects a different strategy: selling the asset, raising growth capital, sharing revenue, or using collateral. The model you pick determines how investor rights are structured, how value is distributed, and which legal and financial frameworks apply. Defining this model is the core deliverable of Phase 3, and it flows directly into the smart-contract logic issued through Stobox Compass.
Available models
- Full Asset Sale. The entire asset is sold to investors. Used when the owner wants a complete exit; no future ownership is retained.
- Business Growth Capital. Investors fund a business in exchange for partial ownership. The capital supports operations and growth rather than an owner exit.
- Capital Raise for Future Acquisition. Funds are raised before any asset is acquired; investors back the issuer’s plan to purchase or develop future assets.
- Development and Value Creation. Funds are used to improve or develop an asset, increasing its value before resale or monetization. Suited to “fix and flip” projects.
- Shared Ownership. An asset is split into fractions so multiple investors each own a portion and benefit in proportion to their stake. See SPV tokenization for how this is commonly structured.
- Revenue or Profit Sharing. Investors receive a share of the business’s or project’s revenue or profits. Returns depend on performance rather than ownership.
- Loan-Based Fundraising. The issuer borrows capital from investors and repays with interest; no ownership is transferred.
- Collateralized Lending via DeFi. The asset is used as collateral in a decentralized-finance arrangement. If the debt is not repaid, the collateral may pass to the lender.
Note: Two illustrative examples. A CRM software company raising $1.5M by issuing tokens that entitle investors to 5% of monthly revenue for three years is a natural fit for the Revenue or Profit Sharing model. A tokenized apartment complex used as collateral to borrow USDC via a DeFi lending pool — with debt tokens paying 8% annually over a 12-month maturity — fits Collateralized Lending via DeFi.
This framework focuses on assets structured as regulated securities. The models above cover the asset types issuers most often bring to tokenization — real estate, equity, debt, and revenue claims — structured so that investor rights are enforceable under securities law. Pure commodity, utility, or payment tokens follow different regulatory frameworks and are outside the scope of this methodology. For the open standards behind compliant issuance, Stobox builds on the STV3 protocol (its programmable security-token architecture, which Gene Deyev co-authored) and backs the ERC-7943 (uRWA) standard for compliant real-world-asset issuance. Learn more in the tokenization pillar and the knowledge base.
What you carry into the next phase
You leave Phase 3 with three settled decisions: your token’s securities classification, the offering pathway (registration or exemption) in each target jurisdiction, and the tokenization model that defines investor rights and value flow. In Phase 4: Token Economics, you translate that model into concrete numbers — token supply, pricing, distribution, and the return mechanics your chosen model implies.